Other data, not encrypted at the application, transmitted over the wifi connection could be intercepted and read

However….

The vulnerability is yet to actively exploited in the wild

An attacker has to be “in range” of your wifi network to launch the attack

The attack is complex

Many communications on internal networks are already encrypted

What can I do?

While we are not currently advising customers to turn off wifi completely, there are some mitigation steps that can reduce the risks presented by this vulnerability, these are:

Consider the use of client VPN’s over wifi where you already have them to guarantee privacy of data in transit

Ensure that your asset management practices are complete in regard to wifi infrastructure, so that when patches are released by your respective vendor that these can be applied to each and every vulnerable piece of equipment immediately

Ensure that any existing IoT (i.e smart TV’s presentation endpoints etc) are part of the patching regime

Where you have the capability to do so, tune your access point radios to limit building leakage